TL;DR: My Netgear router has a known backdoor. It apparently works as intended. I am disappointed and hoping that my neighbors don't read this weblog and start playing with my internets.

The recent brouhaha around backdoors in DLink routers was entertaining. I've just found out myself recently that the same is possible very easily on my own Netgear router.

In fact, Netgear provides a Windows tool for getting root access on these routers, where you don't need to enter any credentials. It's publicly documented how to do it, on the OpenWRT wiki: http://wiki.openwrt.org/toh/netgear/telnet.console.

When I found that page, I just wanted to use my router from the command line. At first I thought I'd have to provide my own (web-interface) username and password, but after a series of unsuccessful attempts it started dawning on me that the username/password combination on the wiki might just be meant literally, and not just as an example.

I will spare you the technical details, you can read them up on the link above or on http://insecurety.net/?p=692. The interesting part is: This is very far from witchcraft, and not particularly hard to do.

It seems that even at Netgear, there seems to be an understanding that anyone with access to my internal network should be able to reconfigure my router. Why else would they just release that tool themselves?

Netgear, if you read this: Can you please release a patch, so that it at least asks for the web-administration password, before handing out full access?

Man, am I disappointed!